CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

March 27, 2024 at 06:42AM CISA added the CVE-2023-24955 SharePoint flaw, part of an exploit chain for unauthenticated remote code execution, to its Known Exploited Vulnerabilities list, after it was demonstrated at Pwn2Own. Microsoft patched this flaw in May 2023. CISA’s catalog now holds four exploited SharePoint vulnerabilities, with CVE-2023-24955 requiring attention by government organizations …

Microsoft confirms memory leak in March Windows Server security update

March 24, 2024 at 09:24PM Microsoft admitted to a memory leak issue in its March patches causing Windows domain controller crashes. A fix has been issued. Atlassian revealed a SQL injection bug and other critical vulnerabilities. A new, more dangerous variant of the AcidRain wiper malware has been identified. Negligent employees are the main cause …

Microsoft releases emergency fix for Windows Server crashes

March 22, 2024 at 06:15PM Microsoft has issued emergency updates to resolve a memory leak in Windows domain controllers causing crashes after installing the March 2024 Windows Server security updates. This flaw affects various server versions and can lead to excessive memory usage, resulting in unanticipated restarts. Admins can download and install the updates from …

Microsoft Patches Xbox Vulnerability Following Public Disclosure

March 21, 2024 at 09:45AM Microsoft has released a patch for an Xbox vulnerability (CVE-2024-2891) categorized as ‘important’ severity, allowing local attackers with low privileges to escalate to System. The fix is automatically delivered to users with automatic updates enabled. This follows initial reluctance by Microsoft to acknowledge the issue, which was later publicly disclosed …

Microsoft confirms Windows Server issue behind domain controller crashes

March 21, 2024 at 08:31AM Microsoft has confirmed that a memory leak introduced with the March 2024 Windows Server security updates is causing widespread issues and crashes for domain controllers. The problem affects various Windows Server versions and has prompted a temporary workaround until a fix is released. This is the second notable LSASS memory …

International Monetary Fund email accounts hacked in cyberattack

March 15, 2024 at 03:50PM The IMF disclosed a cyber incident involving the breach of 11 email accounts. They are currently investigating the impact and have not found any evidence of further compromise outside of the breached accounts. The organization uses Microsoft’s Office 365 email system, which has been targeted by various hacking groups. IMF …

Microsoft announces Office LTSC 2024 preview starting next month

March 15, 2024 at 01:03PM Microsoft will soon release Office LTSC 2024, entering a commercial preview next month and available later this year. It will have fewer features than Microsoft 365 Apps but will include enhancements such as performance and security improvements. Notable additions to Excel will be included. It will not have Microsoft Publisher …

Microsoft Copilot for Security prepares for April liftoff

March 13, 2024 at 12:07PM Microsoft Copilot for Security, a subscription AI security service, will be available on April 1, 2024. The service provides generative AI in standalone and embedded modes and is based on GPT-4 and a Microsoft security-specific model. It aims to defend at machine speed, reduce security talent shortage, and improve productivity. …

March Patch Tuesday sees Hyper-V join the guest-host escape club

March 12, 2024 at 08:21PM Microsoft’s latest Patch Tuesday delivered 61 CVE-tagged vulnerabilities, including two critical bugs affecting Windows Hyper-V hypervisor. One is a remote code execution (RCE) flaw, while the other is a denial of service (DoS) vulnerability. Other high-severity flaws include a critical RCE in Open Management Infrastructure (OMI) and an elevation of …

Windows 11 KB5035853 update released, here’s what’s new

March 12, 2024 at 02:12PM Microsoft released the KB5035853 cumulative update for Windows 11, addressing 21 fixes and changes. It includes the mandatory March 2024 Patch Tuesday security updates and fixes errors during installation. Notably, it adds support for USB 80Gbps and addresses various issues in Windows and networking. The update is accessible through Windows …